If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

ATTENTION: Windows 10 users

Beta 2 build is now available!

If you just upgraded to Windows 10 or running build 10240 or greater of Win 10 pre-release you will need to download and install the new version of ZoneAlarm 14.0.157.000

ZA Pro sees notepad . exe as malicious program ?

Question: ZA Pro sees notepad . exe as malicious program ?

Howdy all,
I am a noobie here and was wondering IF anyone has seen this before ?
I have searched with five or six different titles trying to find any reference to this and found nothing so ..... I am putting this thread up to see if there is any experience with this and whether or not I need to put this poor machine out of its misery.

I Have Win XP Home running as my OS and Zone Alarm Pro as my firewall.
The other day [day before yesterday Jan 14 08] I tried to open notepad to save a note for myself and Blink I get a warning from ZAPro that notepad is a malicious program and has been prevented from opening.

I am pretty sure that notepad isn't a malicious program or I would have noticed something in the last few years of using it.
My guess is that I have become infected with some kind of malware and was wondering IF anyone has ever heard of anything like this before ?

I have been surfing the web for several years and haven't heard of anything like it.
I will do the HJT thing and ask for help from any and all over there as well.

Thanks for your attention,

schooner
============================================
On another board I asked this same question and they wanted to know if my antivirus and or antispyware had caught anything.
here is my response to their questions.

Link pointed correctly? = yep at least the shortcut on my quick launch is or I THINK it is.
[see below]
No. I don't use the run command to open it.
I use a shortcut I put on my quick launch bar and I have a desktop shortcut as well.
======================
I will try to run it from &quot;Run - Command&quot; and see if I get the same error message.
YEP same message =
&quot;Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.&quot;
AND ZA Pro puts up a warning that &quot;Notepad is a malicious program and has been prevented from running on your machine.&quot; {I swear I can hear it snickering too ....}
When I go to the program permissions page on ZAPro notepad is there alright but listed as a trusted program with all its access open and accepted. This is blowing my single brain cell....
======================
On the properties for the desktop notepad shortcut it says .....
&quot; Target = %SystemRoot%\system32\notepad . exe
Start in: %HOMEDRIVE%%HOMEPATH% &quot;

I don't remember IF I ever read the path info before I started having problems with my notepad program. Might be the shortcuts are flummoxed ?
Nope. If I go to the program folder and click on the .exe I. still get the &quot;No You Can't&quot; message.

Now IF I TURN OFF ZAPro notepad works like normal.
It is ONLY when ZAPro is on I have this problem.
Is that weird or what ?

Re: ZA Pro sees notepad . exe as malicious program ?

schoonercapt,
That is very strange indeed.
Please, check the date of notepad.exe.
There are two of them, one is in \windows, another in \windows\system32.
Do the dates make sense - something similar to the Windows installation time or before. Mine is 8/4/2004.
It is possible for notepad to have become infected, of course, but unlikely. Yet the ZA warning should be of concern.
Your shortcut path is ok.

I feel you have conflicts in anti-scumware area, but don't know why notepad would be singled out.
ZAPro and ZA-AS use the same part for the OS protection, please, use one. Both have firewalls. Both have the triple defence.
AVG antispyware is unlikely to like living together with ZA-anti spyware.
I assume Spybot is not running TeaTimer. If it does, it'll conflict with OS and registry protection from ZA.
I assume Ad-Aware (not Adaware) is from Lavasoft and that you use to scan only. BTW it's obsolete now. No more updates.
I don't know what WinPatrol is.

In Program control, notepad should not have all settings allowed. In fact everything should be blocked (5 red Xs). It has no business to go out anywhere.

When ZA throws an alert are you able to go to Smart Advice and see what they say? Checksum and that sort of thing.

Re: ZA Pro sees notepad . exe as malicious program ?

Dear schoonercapt:

I have rec'd the same error message for another program. Please go to Program Control panel, Programs tab, scroll down to Notepad(2 of them). You have the Kill value in Trust Level. Here is what SmartDefense Advisor has assigned for program permissions and Notepad works fine with these:

Re: ZA Pro sees notepad . exe as malicious program ?

From zasuiteuser:

schoonercapt,
That is very strange indeed.
Please, check the date of notepad.exe.
There are two of them, one is in \windows, another in \windows\system32.
Do the dates make sense - something similar to the Windows installation time or before. Mine is 8/4/2004.
It is possible for notepad to have become infected, of course, but unlikely. Yet the ZA warning should be of concern.
Your shortcut path is ok.

I feel you have conflicts in anti-scumware area, but don't know why notepad would be singled out.
ZAPro and ZA-AS use the same part for the OS protection, please, use one. Both have firewalls. Both have the triple defence.
AVG antispyware is unlikely to like living together with ZA-anti spyware.
I assume Spybot is not running TeaTimer. If it does, it'll conflict with OS and registry protection from ZA.
I assume Ad-Aware (not Adaware) is from Lavasoft and that you use to scan only. BTW it's obsolete now. No more updates.
I don't know what WinPatrol is.

In Program control, notepad should not have all settings allowed. In fact everything should be blocked (5 red Xs). It has no business to go out anywhere.

When ZA throws an alert are you able to go to Smart Advice and see what they say? Checksum and that sort of thing.

Yep, when ZA Pro throws up an alert I CAN go see what they say and in most cases it isn't earth shaking.
[I have been incredibly Lucky as far as &quot;infections&quot; go. Knock-knock {sound of knuckles knocking on hardwood}

Dear schoonercapt:

I have rec'd the same error message for another program. Please go to Program Control panel, Programs tab, scroll down to Notepad(2 of them). You have the Kill value in Trust Level. Here is what SmartDefense Advisor has assigned for program permissions and Notepad works fine with these:

Thanks Watcher
I had gone into ZA Pro program control before and tried to enhance its permissions [notepads permissions] but that didn't work either ....
The thing was [notice the past tense ?] the thing was that notepad worked fine IF ZA Pro was off.

So....
I went into ZA Pro and removed notepad from the programs list. [and rebooted]
Then I added notepad dot exe to the programs list and Boink it is back and working.
[And I do have the settings set as you describe ]
Absolutely No Clue as to Why it went bonkers in the first place.
Most likely one of those PIBCAK* things.

On the other programs and relationships =
The AVG Anti-spyware is not active on start-up I use it as a stand alone scanner only.
The same with the AVG Free Anti-Virus.
I had heard about the conflict with Tea Timer so it is not active either.
[Got that tip from Fred Langa on the sorely missed LangaList.]
You are correct in your assumption it is indeed Ad-Aware [from Lavasoft] not Adaware.
{One of these days I will learn to spell-check before posting.}

WinPatrol is a Windows oriented program protection program that comes from all the way from back in the Win95 days.
[Maybe even Win 3.1 ? ?]
It is updated regularly for each new OS and keeps up with the program changes and permissions within Windows.
I highly recommend it. [http:// www. winpatrol. com] That 'link' is &quot;stretched&quot; to 'disable' it in the more than likely circumstance that hyperlinks should be approved by the forum Mods before posting.
You have probably seen its avatar somewhere in your &quot;travels&quot; ? The little Scotty dog ?
[A Black Scots Terrier in profile with a red collar (?) ]
It &quot;barks&quot; when it sees an unexpected program change and it asks you &quot;Do you want to accept this change ?&quot;
If you say NO it will not allow the &quot;change&quot;. In either the Registry or anywhere else within the Windows OS.
The really nice thing is that it runs with almost any other security program as long as YOU install the &quot;new&quot; program. There is a free version and a &quot;Plus&quot; version.
Check it out. As I say, I highly recommend it.

Thanks to those who did respond.

I am not much for chatting but I will be &quot;around&quot; now and again.